from the that's-not-going-to-work dept

We didn't pay as much attention to the new proposals in the EU to ratchet up penalties for "cybercrime" in part because they came out just about the same time that the NSA surveillance information started leaking. However, someone who shall remain anonymous passed along to us a "group briefing" document from the EU Parliament team that came up with the latest cybercrime directive, which highlights a bit of the approach and some of the problems. The document is actually from a year ago, but it's definitely reflected in the final product. The entire focus of the document is on harsher penalties, even though there's no evidence that such penalties do any good or act as a deterrent. And, while the document does note that protecting "white hat hackers" is important for achieving "cybersecurity," apparently they had a lot of trouble agreeing on what to do to protect them:

As regards protecting "white hat hackers" as integral part of the internet's immune system we managed to achieve a very weak recital (6a bis) compared to the initial LIBE orientation vote. It is made clear that reporting of threats, risks, and vulnerabilities is crucial and needs incentives. The crucial last sentence, however, is not clear enough and far away from creating obligations for member states... Therefore there is no serious protection for white hat hackers who find vulnerabilities in other peoples' information systems and report them. we did howeveR start a debate at all and getting the whole EP united behind this.

[....] We managed to get a number of important safeguards in, and the fundamental debate on better IT security is opened. However the direct is in many ways worse than the old framework decision. Higher penalties and the criminalisation of more practices and even tools not only mainly symbolic, but even risks criminalising well-intended "white hat hackers" and curious teenagers. The problem was Council and a too weak negotiation strategy of the rapporteur at the very end.

From the details of the directive that came out, it appears that not many of these flaws have been fixed. Jan Philipp Albrecht, who was a part of the effort, clearly is not at all happy with how it came out:

But Albrecht attacked the directive, saying, "The legislation confirms the trend towards ever stronger criminal sanctions despite evidence, confirmed by Europol and IT security experts, that these sanctions have had no real effect in reducing malicious cyber attacks.

"Top cyber criminals will be able to hide their tracks, whilst criminal law and sanctions are a wholly ineffective way of dealing with cyber attacks from individuals in non-EU countries or with state-sponsored attacks.

"Significantly, the legislation fails to recognise the important role played by 'white hat hackers' in identifying weaknesses in the internet's immune system, with a view to strengthening security.

This will result in cases against these individuals, who pose no real security threat and play an important role in strengthening the internet, whilst failing to properly deal with real cyber criminals.

"The result will leave hardware and software manufacturers wholly responsible for product defects and security threats, with no incentive to invest in safer systems."

The equation here is pretty simple. Simply ratcheting up punishment does little to stop malicious hacking, as hackers rarely expect to get caught. So it does little to nothing to actually helping to stop online crime. What does help is having security researchers and others exposing and fixing vulnerabilities. But, if you create massive new penalties for "cybercrime" and make the rules amorphous enough that those security researchers may get charged under them for trying to help, you do create fewer incentives for them to actually help.

End result: more malicious hacking, and fewer people willing to actually help protect and fix vulnerabilities.

That's not good for anyone. But, it fits with the technically clueless "law enforcement above all else" mentality we see too often in government these days, which seems to think that "great enforcement" and "greater punishment" is the answer to any wrong, no matter how much evidence suggests that's untrue.

from the that's-how-it's-done dept

These days, we hear way too many stories of content creators absolutely flipping out about fans enhancing their work in some way. Most recently, we were quite disappointed to see the "Real Calvin and Hobbes" -- a fan site that superimposed the comic strip images on real photographs that matched the original scenes -- get shut down due to aggressive lawyering. So, we're always happy to see artists, who really seem to "get it," recognize that when fans build on the things you've done, it's because they're fans and want to do more with the experience, and to share it with others. That's why it was quite interesting, in listening to the latest episode of the always awesome Hollywood Babble-On podcast with Ralph Garman and Kevin Smith, that they had a revealing discussion after a fan emailed in about a plan to release "enhanced" versions of the podcasts on YouTube.

If you're not a fan of the podcast, it involves the two hosts, in front of a live audience, discussing show business, hilariously. One part of the show is that it includes images and videos that they comment on. Many of these are from the week's news, but there are other amusing segments, such as "shit that should not be" in which they highlight a clip from a film each week where someone screwed up and allowed something into the film that shouldn't have been there (e.g., you can see the camera crew, or someone in the background is doing something stupid). When listening to the podcast, it can sometimes be a bit strange, since you can't see the images and videos that they use. To deal with that, they also put up all the images and videos on the site when the podcast goes live. I'll usually try to check it out sometime the following week.

So, in this latest episode, a fan emailed to say that he was going to put together "enhanced" versions of the podcast on YouTube, in which he'd insert the images and videos at the appropriate points so that if you listened to it via YouTube, you could take a look when the visual stuff comes up. Not that useful if you're listening while driving or something but if you're just, say, listening at your desk, it might make for a nice alternative. It's somewhat amusing to hear the reactions of Garman and Smith as they walk through this, and I actually think that Smith's reaction is the kind of thought process in action that many creative folks go through when they realize that people are doing something with their stuff: the first thought is -- instinctually -- to be concerned about someone else doing something with their stuff, but then the quick realization that, wait, this is a good thing, and if it's a good thing, maybe they should team up. So, within a few seconds, it goes from Smith somewhat jokingly suggesting that this is "stealing" to him saying that he now wants to give the guy money each week to do the same thing:

Garman: Doug did a very cool thing. He says I'm going to post uncut episodes of Hollywood Babble-On on YouTube. But I'm going to stick whatever pictures and videos are included in the show throughout the course of it.... What he's done is he's run the audio underneath and then laid all the stuff on top of it so you can watch it on YouTube in one sitting.

Smith: It would be better if he did it on our channel, rather than stealing our content and putting it on his channel. And just because he's putting our fucking pictures under it as well, that seems like theft to me, no? Especially since he's putting it on his YouTube channel, if you get enough hits and stuff, they'll give you some fucking money and shit. I mean, I'm not one of those cats who's like 'don't bootleg' because I used to get bootlegs back in the day... but I'm still alive, bitch. This is all I got is this fucking Babble-On show. Don't take this away from me and Ralph.

Garman: Doug, you'll be hearing from our lawyers, was what I meant to say.

Smith: Yeah, just do it for our channel. Do it for our channel and will throw him a couple bucks every week. I love that shit, man. Just do it for us.

Garman: Alright.

Smith: I'll give him shit in advance. I'll give him the podcast in advance so that by the time the podcast drops, the YouTube episode can drop as well.... There's no point in fighting it. I mean, you can't fight the creative urge. This dude loves our art so much...

Garman: Well, he likes to watch it on his Xbox which has a YouTube app, so he can sit there...

Smith: Bingo. He's loves our shit. It makes him want to make his own shit. And you don't want to stifle that and be like "fucking don't do that or we'll sue you." What you want to do is fucking recruit him and be like "help us do it" and fucking work together and shit....

And... boom, this week's episode (the one where they discuss this very idea) comes complete with an enhanced YouTube version that is posted on Smith's own Seesmod YouTube channel. If you want to hear the actual discussion transcribed above, it's at about 28:12 in the video below:

Of course, this is hardly the first time Smith has done something like this. We've discussed a number of cool things he's done to connect with fans in the past. In fact, the latest movie that Smith has had (something) of a hand in, Jay & Silent Bob's Super Groovy Cartoon Movie! was actually directed by Steve Stark, a guy that Smith met via Twitter, after Stark animated some of another Smith podcast, the Smodcast. That led to a collaboration in which Stark was hired to produce more animations, and eventually to direct that movie.

To many of us, of course, this kind of thing makes quite a lot of sense. If your fans are doing awesome stuff with your stuff, see if there are ways to work together to make it better for everyone. And, yet, it still seems like too many people instead stick with the instinctual reaction of "that's against the law!" and immediately call the lawyers. How much more interesting a world would it be if more people looked for the upside when fans embrace the artwork they love?

Update: Kevin Smith stopped by to provide some more detail, including explaining that, coincidentally, people working with him were already working on something like this, which is why they put up this clip, and it's not actually by the guy who had emailed him, but he's still reaching out. Um, and he also says that Techdirt is mentioned in Clerks III.

from the urls-we-dig-up dept

Temporary hearing loss is not an uncommon experience after going to a loud music concert. It can almost be funny when you're talking too loud because you can't hear yourself, and thankfully, the ringing in your ears after a loud show usually goes away. People sometimes take their ability to hear for granted, but it's an important sense, and here are just a few interesting links on listening that you might want to check out before you need a hearing aid.

from the could-it-be? dept

It took decades to get this done, but it appears that a copyright treaty for the blind has been signed in Marrakech, and despite a full court press from the MPAA to further water down the agreement, it appears the final version is closer to what the various public interest and blind groups wanted. Apparently, US and EU negotiators were not thrilled with the outcome, but couldn't fight it any more. The full text hasn't been released yet, but from all the commentary out of Marrakech, it sounds like the MPAA failed to poison this treaty. I'm sure we'll have more on this later, but two things to discuss out of this:

Contrary to the claims of the USTR about how it would be crazy to negotiate agreements like ACTA, TPP or TAFTA with openness on the drafts being considered, this agreement was negotiated with transparency and (mostly) openness. Once again, we see that the USTR is full of it with its lack of transparency.

There is still a ratification question. Expect the MPAA efforts to now shift to blocking the US from actually ratifying the treaty, which is rather important, since the key part of the treaty is letting creative works for the blind enter into various countries, but most of the books would likely originate from the US....

from the it-all-comes-around dept

A few months back we wrote about the DOJ's overprosecution of Barrett Brown, who helped publicize some of Anonymous/Antisec's hacks that revealed just some of the dirty underbelly of the intelligence-industrial complex, whereby private contractors working with the government would resort to various dirty tricks to try to "expose" Anonymous and destroy the careers of journalists like Glenn Greenwald. The charges against Brown seemed fairly ridiculous. He was charged with "concealing evidence" because he hid a laptop in his mother's dish cabinet. He was charged with threatening law enforcement agents for an admittedly ill-conceived video he posted online, in which he ranted angrily about law enforcement persecution, where he did say that he would shoot those who came after him (as I said, extremely ill-conceived). However, his main "crime," it seems, was to have been closely associated with those involved with the HBGary, Booz Allen and Stratfor hacks that helped to expose some of the tricks pulled by private contractors. And, for that, the feds just kept piling on charge after charge.

With the focus on Ed Snowden suddenly drawing a lot more attention to the role that Booz Allen and other contractors play within and around our intelligence community, some are once again remembering Barrett Brown, and how he was associated with a bunch of hacks that helped expose some of that way before all of this broke -- but mainly because all Brown really seems to have done was help draw the attention of the world to the results of those hacks. And now people are wondering why he's been sitting in prison all this time.

Ahmed Ghappour, attorney for Brown, calls the charges "prosecutorial overreach", and maintains most are related to legitimate journalistic practices, such as cutting-and-pasting a link and refusing to give the FBI access to his sources on a laptop, "a modern-day notebook". In contrast to the FBI's aggressive pursuit of Brown, no probe of the Team Themis project was launched – despite a call from 17 US House representatives to investigate a possible conspiracy to violate federal laws, including forgery, mail and wire fraud, and fraud and related activity in connection with computers. Ghappour asks:

"What length will the government go to prosecute journalists reporting on intelligence contractors? Brown was one of the first to report on the plan to take down Glenn Greenwald.

"It was clear Booz Allen Hamilton [whistleblower Edward Snowden's former employer] was consulting with the NSA, at least supporting their mass-surveillance program, and this was one of the leads Barrett was chasing at the time of the arrest."

Obviously, there are many who will argue that Brown was not a "journalist" and that he must have been much more involved, but it's not clear if that's the case at all. What is clear is that he did help draw attention to a problem that is just now getting a bit more sunlight, and the response of the feds was to throw every possible book they could find at him.

from the dedicated-follower-of-fashion dept

As we've noted before, when it comes to the Internet, governments around the world have an unfortunate habit of copying each other's worst ideas. Thus the punitive three-strikes approach based on accusations, not proof, was pioneered by France, and then spread to the UK, South Korea, New Zealand and finally the US (where, naturally, it became the bigger and better "six strikes" scheme). France appears to be about to abandon this unworkable and ineffective approach, leaving other countries to deal with all the problems it has since discovered.

According to the article 350 of the proposed draft, prosecutors may ask the judge for "the installation of a software that allows the remote examination and without knowledge of the owner of the content in computers, electronical devices, computer systems, instruments of massive storage or databases."

The key concern raised for similar projects of other countries applies here too: intentionally placing malware on computers increases the risk that others will be able to take control of those systems thanks to vulnerabilities in the code. That's no theoretical issue, as evidenced by major flaws discovered in Germany's trojan software. But it turns out that Spain's proposed malware scheme has an additional bad idea:

Furthermore, the article 351 of the text explains that official agents may require cooperation from "anyone who knows the operation of the computer system or measures applied in order to protect data held there". This means that Spanish authorities might require services from experts, "hackers" or computer companies.

Clearly that could be applied to Google or Facebook, say, which might be forced to provide user passwords or maybe even actively cooperate in attempts to infect a user's system. Given the current revelations about Internet companies' complicity in spying on huge numbers of people around the world, there seems little reason to hope that they would refuse to do so, despite protestations to the contrary, even if they -- unlike the Spanish politicians proposing this law -- understood the extreme stupidity of this approach.

from the yeah,-right dept

Here's a tip to the NSA: if you're going to lie, at least make those lies sound somewhat believable. The latest is that General Keith Alexander, the director of the NSA, was asked a question about Wikileaks while on TV, leading to
the following exchange:

STEPHANOPOULOS: The final point that Pierre made, the question about some government officials are asking whether WikiLeaks is a legitimate journalistic organization or an enemy of the state, where do you come down on that?

ALEXANDER: I have no opinion on WikiLeaks. I really don’t track them. I don’t know — I really don’t know who WikiLeaks are, other than this Assange person.

Of course, this comes out at about the same time as the federal government confirmed that several government agencies are still investigating Wikileaks. To think that the NSA would not be a part of that is somewhat unbelievable, especially given their mandate for foreign surveillance and anything that might lead to terrorism. While I think it's ridiculous that people think Wikileaks helped terrorists in any way, that has been the position stated by many in the government, so it's almost certain that the NSA is involved in any such investigation.

from the don't-they-have-better-things-to-do-with-their-time dept

The latest revelations into the IRS improperly targeting certain types of groups seeking non-profit status revealed a bit of a surprise: open source software operations were apparently a trigger for extra scrutiny. The "be on the lookout" list the IRS used in 2010 included the following entry:

Open Source Software

These organizations are requesting either 501(c)(3) or 501(c)(6) exemption in order to collaboratively develop new software. The members of these organizations are usually the for-profit business or for-profit support technicians of the software.

There is no specific guidance at this point. If you see a case, elevate it to your manager.

Kevin Drum wondered why that would happen, and a reader of his sent in an explanation, suggesting that the IRS suspected that many open source projects were really commercial projects in disguise, and the attempt to get non-profit status was to hide a commercial endeavor:

In short, the IRS is concerned that some of these organizations exist simply to market companies' software, and perhaps the associated services sold alongside them. The IRS suspects that such organizations would be a better fit for 501(c)6 classification, if anything.

I worked in the field for several years, and while it'd be pretty easy to convince me that some of these organizations deserve closer scrutiny, the IRS' "screening" has been wildly disproportionate. Groups that are unquestionably above board have been in limbo for years, unable to start fundraising in earnest, because the IRS refuses to finally approve or reject their application for 501(c)3 status.

Honestly, this raises questions about the whole concept of what qualifies as a "non-profit" in the first place, but targeting open source software operations, considering how important open source software has been to the growth of technology and innovation over the past two decades, is fairly crazy when you think about it.

from the to-russia,-with-love dept

It's hard to believe that the heady times that saw SOPA's rise and fall are only a year and a half ago. Of course, SOPA didn't die, but was merely "delayed". But if you've ever wondered what happened to it, wonder no more; it emigrated to Russia, as TorrentFreak reports:

Aggressive new anti-piracy legislation that allows for sites to be rapidly blocked by ISPs upon allegations of copyright infringement passed through its final two readings in Russia's State Duma today. Lawmakers fast-tracked the controversial legislation despite intense opposition from Google and Yandex, Russia' biggest search engine. Following upper house and presidential approval, the law is expected to come into effect on August 1.

Its measures are extreme:

The proposals would see copyright holders filing lawsuits against sites carrying infringing content. Site owners would then be required to remove unauthorized content or links to the same within 72 hours. Failure to do so would result in their entire site being blocked by Internet service providers pending the outcome of a court hearing.

"This approach is technically illiterate and endangers the very existence of search engines, and any other Internet resources. This version of the bill is directed against the logic of the functioning of the Internet and will hit everyone -- not just internet users and website owners, but also the rightsholders," a spokesman for Yandex said in a statement.

That's a good summary of the problem with this and similar SOPA-like laws. Those proposing them believe, incorrectly, that it is possible to stop people sharing files online if the measures are harsh enough. At the most, that will simply encourage people to swap files on new sites still under the radar, or to exchange them in person using portable hard drives or high-capacity USBs.

But the collateral damage is serious: entire sites can be shut down because of one or two infringements, causing large numbers of people to lose access to their personal files; at the same time, startups will struggle with the disproportionate burden of policing their users, and high-tech investments will fall, put off by the unfavorable market conditions. Bringing in these kind of laws certainly won't get rid of infringing content online, but is likely to impoverish the online landscape in Russia, which is bad for Internet users, bad for Internet companies -- and bad for the whole economy there.

"They think he copied so much stuff — that almost everything that place does, he has," said one former government official, referring to the NSA, where Snowden worked as a contractor for Booz Allen Hamilton while in the NSA's Hawaii facility. "Everyone's nervous about what the next thing will be, what will be exposed."

Of course, as Glenn Greenwald has noted in the past, and is quoted in the same article as saying, so far, Snowden has been quite careful about what he's released:

"I know that he has in his possession thousands of documents, which, if published, would impose crippling damage on the United States' surveillance capabilities and systems around the world," Greenwald told CNN. "He has never done any of that."

Of course, any system that relies on security through obscurity is only as good as it can maintain that obscurity. Perhaps, next time, the NSA will recognize that the best security actually comes via transparency.

from the um,-feist-feist-fesit dept

Reader J Cronin alerts us to the apparent fact that the American Bankers Association (ABA) believes that federal routing numbers are covered by its own copyright, and they've sent a takedown letter to a website that published routing numbers. Greg Thatcher runs a website that, among other things, publishes bank routing numbers. Those are the numbers that appear on the bottom of checks that basically tell you how to send the banks money. Thatcher gets those numbers directly from the Federal Reserve's website. Having a single source for those numbers is really useful for people trying to wire money, so you can see why Thatcher's page would be really popular with lots of people. But the ABA sent this bizarre email:

Demand for Immediate Take-Down: Notice of Infringing Activity
URL: http://www.gregthatcher.com/Financial/Default.aspx
Case #: 10
Date: 30 May 2013
Dear Sir or Madam,
The American Bankers Association has received information that the domain listed above, which appears to be on servers under your control, is offering unlicensed copies of, or is engaged in other unauthorized activities relating to copyrighted works published by the American Bankers Association 1. Identification of copyrighted works:
Copyrighted works:
ABA Routing Numbers
ABA Key to Routing Numbers
Copyright owner:
American Bankers Association
2. Copyright infringing material or activity found at the following location(s):

http://www.gregthatcher.com/Financial/Default.aspx
The above copyright works are being copied, displayed and made available for copying by others, including through downloading, at the above location without authorization of the copyright owner.
3. Statement of authority:
The information in this notice is accurate, and I hereby certify under penalty of perjury that I am authorized to act on behalf of American Bankers Association, the owner of the copyrights in the works identified above. I have a good faith belief that none of the materials or activities listed above have been authorized by American Bankers Association, its agents, or the law.
We hereby give notice of these activities to you and request that you take expeditious action to remove or disable access to the material described above, and thereby prevent the illegal reproduction and distribution of these copyright works via your company's network.
We appreciate your cooperation in this matter. Please advise us regarding what actions you take.

As you'll probably note, this is a typical DMCA takedown notice. But it seems ridiculous that they're claiming copyright on routing numbers. Thatcher responded to their email, pointing out that he was providing information that came from the Federal Reserve. While I can understand where he's coming from, his argument doesn't really mean very much. The federal government can distribute copyrighted works. Just because the Fed is distributing it, doesn't mean it's automatically public domain (if they had created the numbers it would be a different story). It would seem that a much stronger argument is that there is no copyright in routing numbers because there is no creativity in them, and they are merely factual bits of information, and you cannot copyright facts.

Either way, the ABA's lawyers from bigshot law firm Covington and Burling shot back that the ABA had, in fact, been "creative" in creating those numbers, and thus it had a valid copyright.

The ABA Routing Number was originally developed by the ABA to identify only
check processing endpoints, but has evolved over the years to also designate participants in
automated clearinghouses, electronic funds transfer, and on-line banking. These advances in the
ABA Routing Number were the result of significant effort and creativity by the ABA. Today
there are thousands ABA Routing Numbers and they play a critical role in the integrity of bank
payment systems. Each nine digit ABA Routing Number is an original copyrighted work
carefully selected and arranged as a result of the ABA's creativity. Copyright exists from the
moment of creation of each ABA Routing Number and registration in the United States is
voluntary.

I have trouble seeing how that passes the laugh test. The lawyer who wrote those words, Nigel Howard, must have known they were ridiculous when he wrote them. He's an experienced lawyer. In the same letter (embedded below), Howard points out, reasonably, that the ABA is concerned about the continued dissemination of retired numbers. That's a legitimate concern, but it's not a copyright issue. It's also a concern that is easily taken care of by giving Thatcher up-to-date info on routing numbers, or (here's a crazy thought) having the ABA publish them itself. But, no, Howard explains:

The ABA is currently re-assessing with Accuity whether it will engage in any licensing programs, but does not have a licensing program available for websites like yours at the current time.

Well, maybe rather than bullying small sites like Thatcher's with expensive lawyers and highly questionable copyright claims, the ABA should be figuring out a way to fix that problem.

from the that-didn't-take-long-at-all dept

A petition set up on the White House's "We the People" petition site asking the Obama administration to pardon Edward Snowden has already passed 100,000 signatures, and shows no signs of slowing down, with a few weeks still left to go. That means that, in theory, the White House is supposed to issue a response to the petition. Of course, that response could be "hell, no" but it seems more likely that it will be something about letting the DOJ investigation, indictment and charges go through their due course. Still, it is worth noting -- especially in comparison to other petitions -- just how quickly this one got to 100,000 signatures. There are an awful lot of Americans who think that Snowden did something brave and important in revealing how the NSA was spying on us all. Having politicians continue to refer to him as a "traitor" seems like a really short sighted position. A fairly large number of people clearly feel quite the opposite is true.

from the better-watch-out-for-the-skin-deep dept

Government officials keep assuring the public that these surveillance programs are in place to track terrorists and prevent further violent activity aimed at our nation. But much of what the government actually tracks and collects is nearly useless. It's aimed at the sort of platforms and communication devices used by the general public -- the sort of people who make use of the "top level" because they actually have nothing to hide.

The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.

Truly dangerous people are smart enough to know to avoid anything easily tracked, surveilled or easily exposed. There may be a little value in catching anything that briefly rises to the surface or surveilling the "public faces" of terrorism, but those serious about their agenda will be operating far below these easily-tapped sources.

In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age,” the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around “core forums.” These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.

The Netherlands’ security service, which couldn’t find recent data on the size of the Undernet, cited a 2003 study from the University of California at Berkeley as the “latest available scientific assessment.” The study found that just 0.2 percent of the Internet could be searched. The rest remained inscrutable and has probably grown since. In 2010, Google Inc. said it had indexed just 0.004 percent of the information on the Internet.

If someone or something doesn't want to be found on the internet, it's easy to stay hidden, or at the very least, continue to operate below the dragnet. On top of what's not being indexed, there are options available to go completely off the grid. This makes steady communication difficult, but not impossible. What does happen on the net is encrypted or otherwise obfuscated.

Communication on the core forums is often encrypted. In 2012, a French court found nuclear physicist Adlene Hicheur guilty of, among other things, conspiring to commit an act of terror for distributing and using software called Asrar al-Mujahideen, or Mujahideen Secrets. The program employed various cutting-edge encryption methods, including variable stealth ciphers and RSA 2,048-bit keys.

As Bershidsky puts it, tools like the PRISM system and phone metadata are much better suited for surveilling those who don't have any reason to suspect the government has an interest in their movements and actions. In other words: American citizens, the same people who are supposedly not being targeted.

If the FBI and the NSA are only interested in catching clumsy would-be terrorists who can't be bothered to stay off open channels, then, much like the programs themselves, they can only offer us a false sense of security. Being saved from the bench warmers of the terrorism world doesn't ultimately do anything to increase safety, but it does give these agencies something to point to when their actions are questioned. (The FBI has practically set up its own "Busting Stupid Terrorists" cottage industry.) "We stopped [insert plausible but impressive number here] attacks, therefore we need to continue collecting 'dots' and multiple haystacks of connective material."

Whatever the FBI and NSA are gathering from skimming the web's surface is only a minute percentage of what's available. It would seem that deeper, targeted efforts would be much more effective, rather than simply asking for everything and working backwards. But if the actual intent is to surveill American citizens (with prevented acts of terrorism being a bonus), then these agencies are in the perfect position to do exactly that.

We were disappointed to see that this fact sheet contains an inaccurate statement about how the section 702 authority has been interpreted by the US government. In our judgment this inaccuracy is significant, as it portrays protections for Americans' privacy as being significantly stronger than they actually are. We have identified this inaccurate statement in the classified attachment to this letter.

We urge you to correct this statement as soon as possible. As you have seen, when the NSA makes inaccurate statements about government surveillance and fails to correct the public record, it can decrease public confidence in the NSA's openness and its commitment to protecting Americans' constitutional rights. Rebuilding this confidence will require a willingness to correct misstatements and a willingness to make reforms where appropriate.

Later in the letter, they also point to another "misleading" statement, amusingly using a letter that the Director of National Intelligence (DNI) sent to Wyden and Udall two years ago. This was back when they two were asking the DNI to at least reveal how many Americans had their info collected, and the DNI responded that "...it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed...." Now Wyden and Udall are using that line to show that the latest "fact sheet" must be wrong:

Separately, we note that this same fact sheet states that under section 702, "Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime." We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. In fact, the intelligence community has told us repeatedly that it is "not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority" of the FISA Amendments Act.

So, basically: were you lying to us then, or are you lying to us now?

We'll see what the NSA's response is, but I imagine it will likely involve more lying.

from the oh...-so-that-hairdo's-called-an-'asshat' dept

I'm not sure at which point Fox News' "Fox & Friends" decided Donald Trump held a valid opinion on anything beyond bankruptcy proceedings and divorce settlements, but the hosts went ahead and let the man talk (about current affairs, no less).

"You know, spies in the old days used to be executed," Trump said. "This guy is becoming a hero in some circles. Now, I will say, with the passage of time, even people that were sort of liking him and were trying to go on his side are maybe dropping out… We have to get him back and we have to get him back fast. It could take months or it could take years, and that would be pathetic."

At this point, we're still dealing with the rhetorical. Trump thinks swift justice is the best justice and allowing Snowden to roam the earth somewhat freely is "pathetic." The severely wounded pride of the Republic can't bear the weight of another leak. Trump goes back against his first statement with his followup.

"This guy's a bad guy and, you know, there's still a thing called execution," he went on. "You really have to take a strong… You have thousands of people with access to material like this. We're not going to have a country any longer."

It no longer sounds like Trump wants Snowden taken into custody. It sounds more like he'd prefer someone to put out a hit on him. Again, Trump's concern for this glorious nation of ours drives his soulful plea to kill an American citizen who's only been charged with embarrassing his betters espionage and "theft" of government property.

Of course, Trump doesn't have the power to see this action carried out. But, then again, neither does the government. Snowden isn't a "spy" and hasn't been charged with treason, one of the few federal crimes that includes execution as a punishment option. So, this is just Trump fantasizing about putting Snowden down because he doesn't like what he's done.

As for "not having a country any longer," does this mean Trump is happy with the status quo? The country we have currently is the country we want? Snowden's leaks exposed the government for what it is: a complicit entity that carries water for security agencies and g-men. This is a country whose citizens' rights are being sacrificed on the cross of safety. We hardly have a "country" as it is -- at least not one that would be easily recognized by the founding fathers. And this is what would be saved by the death of Edward Snowden? This is what would be preserved by spilling blood in order to stem the flow previously suppressed information?

If so, who wants it? I know I don't. But if Trump feels this sort of thing is necessary to "protect" the nation, then it's certainly the country he deserves.

from the sickening dept

Some have argued that Meet the Press' David Gregory was just playing "devil's advocate" in asking reporter Glenn Greenwald if he should be arrested for "aiding and abetting" Ed Snowden for doing journalism. I'm not sure I agree with that, but now the NY Times' Andrew Ross Sorkin, normally a business reporter, has gone even further in saying flat out that given Snowden left Hong Kong, he'd "arrest Snowden and now I'd almost arrest Glenn Greenwald, the journalist who seems to be out there, he wants to help him get to Ecuador or whatever."

Of course, there is no evidence that Greenwald is helping Snowden get anywhere. In the meantime, a journalist suggesting another journalist be arrested because his relationship with a source is too close is incredible, and ridiculous. This is doubly true for Sorkin, a journalist who has been, at times, accused of cozying up to Wall Street bankers to tell "their side" of the story of the economic troubles of the past few years.

After a bunch of people called Sorkin out for this he tried to argue that he was not calling for Greenwald to be arrested despite his clear statements in which he appeared to call for exactly that. Sorkin then claimed that he was just "raising other questions." In response, Greenwald shot back: "Did you conspire with all of your extremely close WSJ-executive sources to commit fraud? Did you know about it? #JustAsking." And, really, that's the perfect retort. Anyone confusing a reporter reporting on some information with "conspiring" with the source is making a fool of himself.

Later, Greenwald opined on why he thinks various "establishment" journalists seem to be suggesting that he should be arrested for doing the journalism they failed to do:

Some of what is driving this hostility from some media figures is personal bitterness. Some of it is resentment over my having been able to break these big stories not despite, but because of, my deliberate breaching of the conventions that rule their world.

But most of it is what I have long criticized them for most: they are far more servants to political power than adversarial watchdogs over it, and what provokes their rage most is not corruption on the part of those in power (they don't care about that) but rather those who expose that corruption, especially when the ones bringing transparency are outside of, even hostile to, their incestuous media circles.

They're just courtiers doing what courtiers have always done: defending the royal court and attacking anyone who challenges or dissents from it. That's how they maintain their status and access within it. That's what courtiers to power, by definition, do.

It's a harsh assessment -- perhaps too harsh -- but it does offer a pretty good explanation for the way reporters are taking seriously (and, in some cases, appearing to advocate) for this ridiculous notion that by reporting on Snowden's leaks, Greenwald is somehow a co-conspirator.

Update: This morning Sorkin issued an apology to Greenwald, saying that he believes in freedom of the press and thinks this is an important story, and he didn't mean to imply that Greenwald should be arrested. Rather, he claims, it was a poorly executed attempt to raise some basic questions about the role of the media in all of this.